SIL certified and non-certified PLC

GB

Project requirement for a turbo compressor system specifies a SIL certified PLC, but the supplier is refusing to comply with the SIL certification requirements.

Supplier is saying that the PLC I/O cards and controller are certified for use in a SIL certified PLC, but they are refusing to supply the PLC as SIL certified. The reason for that, I presume, is that they might not be following all the requirements mentioned in the safety manual of the certified PLC.

Under this scenario, where do we get the failure rates of the PLC from? That is, does the manual specify a failure rate both if the safety manual instructions are followed completely and if they are not followed?

Is this the scenario with most machinery suppliers? Is it to avoid any design change to what they have been following for years together?

SIL experts' feedback appreciated, thanks.

Regards,
GB
 
>Project requirement for a Turbo
>compressor system specifies a SIL
>certified PLC, but supplier is refusing
>to comply to the SIL certification
>requirements. <

I guess you could argue that if you have a contract in place with the supplier, then by refusing to meet a presumably contractually important document they are in breach of contract.

However, I think it is important to realise that use of a SIL certified PLC in an application does not, by itself, prove that something is "safe". It is the function (e.g. trip on high pressure) to which the PLC has been applied which has the requirement for a SIL, and the whole set of equipment from sensor to final actuator needs assessment with respect to suitability for the function.

I don't know about your legal situation, but in Europe there is no absolute requirement from 61508/61511 for a SIL certified device.

>Supplier is saying that PLC I/O cards,
>controller are certified to use in a
>SIL certified PLC, but they are
>refusing to supply the PLC as SIL
>certified. The reason for that, I
>presume, is that they might not be
>following all the requirements
>mentioned under safety manual of the
>certified PLC. <

You're right: if they are not following the guidance in the safety manual, then you may as well ignore statements about "suitable for use in a SIL application".

>Under this scenario, from where do we
>get the failure rates of PLC? That is,
>does the manual specify failure rate,
>if safety manual instructions are
>followed completely as well as if not
>followed? <

The manufacturer should be able to supply failure rate data, particularly if they have some sort of SIL assessment. It might be in the safety manual or perhaps in a separate document.

>Is it the scenario for most of the
>machinery suppliers? Is it due to avoid
>any design change which they have been
>following years together? <

I'm sure you'll find cases where there is a thoroughly evaluated SIS for the plant and the same practices have not been followed for major pieces of machinery with packaged control/safety systems. I hope and think that this situation will change. I think you're right that they may not want to change.

All this said, you'll probably find that there aren't that many functions requiring a SIL in a machinery automation system. Also, don't forget the design practices SILs require all parties to follow to reduce systematic failures, not just the random hardware failures you allude to in your post.

Hope this is helpful.

DaveMH
 
Have you tried HIMA Germany? They have up to SIL 3 rated PLCs. You can have a SIL rated PLC, but what about what's connected to the PLC? That will have to be SIL rated as well, i.e. proximity switches, instruments etc.
 
GB,
This is the problem with most of the famous package suppliers for compressors, turbine generators etc. They don't use a safety certified PLC, primarily because they don't want to change the design which they have been following for years. You will be surprised to see that they don't even provide a maintenance bypass for the shutdown initiating switches, transmitters etc.!

Technically speaking, IEC or ISA doesn't say that you have to have safety certified devices for shutdown system design. IEC or ISA allow the use of non-safety certified devices provided they are proven by prior use. Package suppliers take advantage of this option. But most of them, apart from the PLC, have a back-up hardwired relay based shutdown system to make a safe shutdown of the machinery.
We normally take safety certified devices (especially the PLC) to increase our confidence. But if a non-safety certified device meets your PFD requirements and is proven by prior use, technically you cannot reject it.

Having said that, I think the time has now come that the famous package suppliers should change their standard design in compliance with IEC 61511, embrace new technology and provide more transparency in their design, so that the user can have confidence in the product supported by quantitative calculations.

Regards,
A.K.Hait